Being popular isn’t all it’s cracked up to be. A tree full of fruits is sure to get its share of stones thrown at it. Take Microsoft Windows for example. The operating system is on a gazillion computers so now Windows and its apps are the target of thousands of viruses and other malware. The same is true with the popular content management system WordPress, which is now used by millions of websites because of its ease of use and flexibility.
WordPress sites are now a favorite target for hackers, partly because of that popularity and partly because WordPress shares its API so that people can create plugins, which also gives hackers a grip on its inner workings. Insecure websites made with WordPress are easy targets, especially when they are used for commerce. Like Fright Night vampires, hackers can only do damage when they’re invited in, and the invitations come in the form of lax security.
The following are ways for WordPress website owners to secure themselves.
- Limit Login Attempts – lazy developers hardly ever limit password attempts, in the mistaken belief that secure passwords are all that’s needed for security. Some website owners contract out their website for as small an amount as possible and get the same effort in return. For such websites, the basic brute force attack, where hackers continually and automatically try various password combinations, will work like a charm. Limiting login attempts to three or five will prevent brute force attacks. It’s the same with the iPhone: if an intruder enters the wrong PIN a few times, the phone locks itself for increasing amounts of time. Lazy users are also to blame. If they’re allowed to use generic passwords, a brute force attack isn’t needed and limiting login attempts will be useless.
- Backing Up – nothing beats a good backup, whether it be of files on a computer or of an entire website. If a hacker does succeed in messing up the website, it needs to get up and running again immediately. A good regular backup should keep the downtime to a minimum. After restoration, or even before, website owners should beef up security.
- Long passwords – longer passwords make brute force attacks less likely to succeed and lucky guesses more difficult. That, and limiting login attempts, should work like a charm. The password should also be changed regularly and should include a combination of letters, numbers, symbols and powdered batwing, but should be easy to remember. It’s a chore to bury your treasure, but the deeper it is, the harder it is for others to dig out.
- Find a secure host – all the password techniques, encryption and security plugins won’t matter if the host itself isn’t secure. If hackers know your host and manage to get into the servers themselves, your website along with others will be in jeopardy. Try to find a hosting service that takes security, internal or external, very seriously. It’s tough but it’s either that or ruin especially if the website is for commercial purposes.
- Keeping WordPress itself updated – like operating systems and other platforms such as Flash and Java, WordPress relies on regular updates to minimize vulnerabilities. The front door isn’t the only way thieves can enter a home, and logins aren’t the only way hackers can get in. Cracks in the software can let hackers into a system, and keeping WordPress properly patched should help in minimizing hacks. Also keep WordPress from displaying its version number on your website. The version number gives hackers a clear picture of which cracks to exploit.
- Do not use ‘admin’ as a user name – the admin user name, once hacked, gives hackers complete control of the website. Website owners can create a different user, grant it admin privileges, then delete the admin account. With no idea which account to hack, hackers will have a difficult time messing with the website.
- Use only trusted plugins – plug-ins can add features to websites including security. As much as possible, download and use only those from trusted WordPress marketplaces. The wrong plug-ins can introduce vulnerabilities or even backdoors to your websites. Put that plug-in down if you don’t know where it’s from. Also, remove plug-ins no longer in use.
- Try not to give contributors or contractors full control – aside from the owner, contributors themselves can be hacked and their passwords used to get into your website. Disgruntled contributors and contractors with full control can completely mess with your website, whether right after they were wronged, years later, or whenever there’s profit to be made. Remove the contractor’s account once their job is finished.
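
The lockout behaviour described under Limit Login Attempts, as an added example (not from the original article and not WordPress or plugin code): failures are counted per user name and client IP, and every lockout is twice as long as the previous one, up to a cap. The class and function names, the thresholds and the sample attempts are assumptions made for illustration.

```python
import time

class LoginThrottle:
    """Failed-login tracker per (username, client IP) with escalating lockouts."""

    def __init__(self, max_attempts=5, base_lockout=60, max_lockout=3600, clock=time.monotonic):
        self.max_attempts = max_attempts  # failures allowed before a lockout
        self.base_lockout = base_lockout  # seconds for the first lockout
        self.max_lockout = max_lockout    # cap on the lockout length
        self.clock = clock                # injectable so the policy can be tested
        self._state = {}                  # key -> [failures, lockouts so far, locked_until]

    def seconds_locked(self, username, ip):
        """Remaining lockout in seconds; 0 means an attempt may be evaluated."""
        entry = self._state.get((username.lower(), ip))
        return max(0, entry[2] - self.clock()) if entry else 0

    def record_failure(self, username, ip):
        """Count a failed attempt; return the lockout it triggered in seconds (0 if none)."""
        entry = self._state.setdefault((username.lower(), ip), [0, 0, 0.0])
        entry[0] += 1
        if entry[0] < self.max_attempts:
            return 0
        # Threshold reached: each earlier lockout doubles the next one, up to the cap.
        duration = min(self.base_lockout * 2 ** entry[1], self.max_lockout)
        entry[0], entry[1], entry[2] = 0, entry[1] + 1, self.clock() + duration
        return duration

    def record_success(self, username, ip):
        """A successful login clears the failure history for that key."""
        self._state.pop((username.lower(), ip), None)

def replay(attempts, throttle, check_password):
    """Replay (time, username, ip, password) tuples; return one outcome per attempt."""
    outcomes = []
    for now, user, ip, password in attempts:
        throttle.clock = lambda now=now: now
        if throttle.seconds_locked(user, ip) > 0:
            outcomes.append("locked")  # rejected before the password is even checked
        elif check_password(user, password):
            throttle.record_success(user, ip)
            outcomes.append("ok")
        else:
            throttle.record_failure(user, ip)
            outcomes.append("fail")
    return outcomes

# Constructed sample: three bad guesses, then the right password during the lockout.
SAMPLE = [(0, "editor", "203.0.113.7", "a"), (1, "editor", "203.0.113.7", "b"),
          (2, "editor", "203.0.113.7", "c"), (3, "editor", "203.0.113.7", "s3cret")]
```

While a lockout is active even the correct password is refused, so a guess that happens to be right during the lockout gains nothing.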
Keep these in mind if you plan to create or already have a WordPress website. Security is paramount if you want the site to live forever. Hackers often consider themselves heroes. It’s your turn to play villain and fill the moat around your castle. Consider each item a shark with lasers on its head. The more sharks the better.